SessionGuard is now on a 1.x release line. The roadmap below focuses on two things:
- what already shipped and is part of the product baseline
- where the product can provide the next real user value without overstating certainty
v1.0.0 established the current product baseline:
- service-backed restart awareness
- workspace-risk heuristics
- local policy rules and approval windows
- overview-first desktop UI with
Simple viewandTechnical view - service install, validation, and update tooling
- local and GitHub Actions validation, including UI smoke automation
- tag-driven binary release assets for app, service, and source packages
Purpose: Tighten the first public release line so the product is easier to install, easier to understand, and safer to operate.
Delivered:
- documentation cleanup and release-note alignment
- combined app-plus-service bundle install flow
- service-side authorization hardening for write actions
- runtime-neutral package manifests and cleaner bundle docs
- validation and packaging fixes needed for public releases
Purpose: Make SessionGuard feel like a calm background utility that is understandable from the tray first and the dashboard second.
Delivered:
- tray-first startup and quieter installed behavior
- single-instance app activation so relaunching reuses the existing tray app
- clearer tray summary, next-step, and context text
- a calmer dashboard overview with a tighter utility rail
- startup, smoke, and release validation coverage for the tray-first flow
Purpose: Tighten the tray-first runtime so install, upgrade, elevation, and public docs behave predictably on real machines.
Delivered:
- isolated installed, source-run, and elevated app sessions correctly
- clarified the preferred setup zip and direct-download install path
- hardened the combined installer for first launch, reinstall, and live upgrade
- aligned the public docs and generated setup README with the actual install/runtime model
Purpose: Create the first Windows desktop utility that surfaces restart risk and applies a small set of reversible mitigations without disabling Windows Update.
Delivered:
- WPF desktop dashboard
- protected process detection
- bounded restart-state inspection
- configurable JSON settings
- local logging and unit tests
Purpose: Increase confidence in restart-state detection and show more of the Windows Update orchestration picture.
Delivered:
- deeper registry and Windows Update signal coverage
- better aggregation of pending restart versus ambiguous activity
- richer diagnostic provenance in the dashboard
Purpose: Move from a foreground-only monitor to a service-backed architecture with real operational tooling.
Delivered:
SessionGuard.Service- versioned named-pipe control plane
- service publish, install, update, and uninstall scripts
- service health reporting
- published-layout validation and install-readiness checks
Purpose: Make SessionGuard better at recognizing risky live work and reduce manual release validation.
Delivered:
- workspace-risk heuristics and advisory snapshot metadata
- overview-first UI cleanup
Simple viewandTechnical view- deterministic UI smoke automation
- GitHub Actions Windows validation
Purpose: Turn restart guidance into rule-driven behavior and make the result understandable in day-to-day use.
Delivered:
config/policies.json- deterministic policy evaluation
- approval windows and approval persistence
- policy diagnostics and conflict handling
- service-owned write boundary for mitigation and approval actions
- tray summaries and operator-facing notifications
Purpose: Ship a coherent, supportable local product with a real service lifecycle, repeatable validation, and versioned distribution.
Delivered:
- hardened service install and update flow
- config schema versioning and bounded upgrade path
- versioned release automation for binary assets
- release-grade documentation and validation coverage
Purpose: Keep improving the day-to-day tray experience now that the core tray-first shell is in place.
Delivered:
- tighter tray workflow and clearer tray status copy
- fewer duplicated controls between notifications, tray, and dashboard
- an explicit
Open elevated controlspath for service-backed write actions - a smaller support area under the tray menu instead of a long flat action list
- aligned operator docs, validation steps, and workflow definitions for the tray-first runtime
Reference:
Purpose: Make SessionGuard easier to trust and safer to install for direct-download users without changing the current app-plus-service product model.
Implemented on main, but not currently represented by a public v1.3.0 release tag:
- published SHA256 checksum assets for release downloads
- extracted-bundle verification with a root-level
Verify-SessionGuard.ps1 - bundle and release manifests that record integrity and signature metadata without leaking machine-local paths
- standard Authenticode signing support for app and service release binaries
- signed root installer scripts inside the setup bundle
- release-time signature verification for app, service, and bundle installer entry points
- hardened signing-session cleanup and ephemeral certificate handling for release automation
- updated release workflow, docs, and manual validation for signed official releases
- checksum assets retained as the primary download trust anchor alongside signed release binaries
The items below are not promises. They are the most likely next areas of value based on the current product shape.
Purpose: Improve the quality of advice without pretending SessionGuard has deeper app state than it really does.
Likely work:
- richer workspace hints
- more useful policy explanations
- better handling of ambiguous restart pressure
Risks:
- heuristic complexity can create false confidence
- more rule surface can make policy behavior harder to understand
Purpose: Explore whether a reduced-distribution variant could fit Microsoft Store constraints while the full product remains a direct-download tool.
Likely work:
- define a monitor-only or reduced-privilege packaging model
- separate store-compatible functionality from the full service-backed build
Risks:
- store constraints do not map cleanly to the current service-plus-elevation model
- splitting editions can create support and expectation complexity
No matter which path comes next, SessionGuard should stay explicit about one thing:
It mitigates restart disruption where Windows allows it. It does not promise universal restart suppression, and it should not drift into unsupported behavior just to sound stronger.